echoCTF.RED Target: CVE-2020-7247 #29

A small and easy target that implements the OpenSMTPD CVE-2020-7247 vulnerability.

FQDN: CVE-2020-7247.echocity-f.com
IP: 10.0.100.33
Difficulty: medium
Rootable: Yes
Total points: 3600
Flags / Services: 4 / 1
Headshots: hitmanalharbi, mpz, abosaif

This target runs an OpenSMTPD instance that is vulnerable to CVE-2020-7247.

Description

A vulnerability discovered in OpenSMTPD, OpenBSD's mail server, has been exploitable since May 2018 (commit a8e222352f, "switch smtpd to new grammar") and allows an attacker to execute arbitrary shell commands as root.

Environment details

The system is accessible at 10.0.100.33 and runs OpenSMTPD on Debian Buster on the default port (25/tcp).

Flags can be found at the usual places:

  • /root
  • /etc/passwd gecos
  • /etc/shadow password hash
  • environment variable

References

Target activity

Latest activity on the target

abosaif managed to headshot [CVE-2020-7247.echocity-f.com], 1 day ago
abosaif Gained access to data stored in environmental variables from CVE-2020-7247 for 700 points, 1 day ago
abosaif Discovered the ETSCTF username flag under the /etc/shadow file from CVE-2020-7247 for 1000 points, 1 day ago
abosaif Discovered the ETSCTF username gecos flag under the /etc/passwd file from CVE-2020-7247 for 800 points, 1 day ago
abosaif Got the /root flag from CVE-2020-7247 for 1000 points, 1 day ago
abosaif Connected to the smtp port of CVE-2020-7247 for 100 points, 1 day ago
ThamerPlayer Connected to the smtp port of CVE-2020-7247 for 100 points, 3 days ago
mendel3 Connected to the smtp port of CVE-2020-7247 for 100 points, 3 days ago
mohadaladi Connected to the smtp port of CVE-2020-7247 for 100 points, 3 days ago
hitmanalharbi managed to headshot [CVE-2020-7247.echocity-f.com], 3 days ago